DECLARATION UNDER 37 C.F.R. § 1.131

Dear Sir: 

We, Randolph Campbell and Gehad Galal hereby declare that:

1. I am the inventor of the subject matter claimed in the above-identified patent
application, which is assigned to Intel Corporation.

2. This declaration is to establish conception of the invention in the above-identified
patent application in the United States, at a date prior to October 1, 2003, the filing
date of U.S. Publication No. 2005/0091354 to Lowell, which was cited by the
Examiner.

3. We understand that the invention relates to the following: 

A. An apparatus comprising: 

a processor having a normal execution mode and a host execution mode; 
a virtual machine monitor (VMM) implemented in the host execution mode 

creates original and target protected mode environments to operate guest software in a virtual 
machine, wherein responsive to a command to switch between the protected modes, the VMM 
causes the processor to atomically switch between the original protected mode environment and
the target protected mode environment; and

a virtual machine control structure (VMCS) to store state information for use in
switching between the original protected mode environment and the target protected mode
environment, the VMCS to store state information related to the original protected mode 
environment. 
B. A method comprising:

providing a normal execution mode in a processor and a host execution mode in a
processor;

creating original and target protected mode environments to operate guest
software in a virtual machine utilizing a virtual machine monitor (VMM) implemented in the
host execution mode, wherein responsive to a command to switch between the protected modes,
atomically switching between the original protected mode environment and the target protected
mode environment utilizing the VMM; and

storing state information in a virtual machine control structure (VMCS) for use in
switching between the original protected mode environment and the target protected mode
environment including storing state information related to the original protected mode
environment.



C. A machine-readable medium of a storage device having tangibly stored thereon
instructions, which when executed by a machine, cause the machine to perform the following
operations comprising:

providing a normal execution mode in a processor and a host execution mode in a
processor;

creating original and target protected mode environments to operate guest 
software in a virtual machine utilizing a virtual machine monitor (VMM) implemented in the 
host execution mode, wherein responsive to a command to switch between the protected modes, 
atomically switching between the original protected mode environment and the target protected 
mode environment utilizing the VMM; and 

storing state information in a virtual machine control structure (VMCS) for use in
switching between the original protected mode environment and the target protected mode 
environment including storing state information related to the original protected mode 
environment. 

D. A system comprising: 

a processor including virtual machine extension (VMX) instruction support, the 
processor further having a normal execution mode and a host execution mode;

a virtual machine monitor (VMM) implemented in the host execution mode 
creates original and target protected mode environments to operate guest software in a virtual 
machine, wherein responsive to a command to switch between the protected modes, the VMM 
causes the processor to atomically switch between the original protected mode environment and 
the target protected mode environment; and 

a virtual machine control structure (VMCS) to store state information for use in 
switching between the original protected mode environment and the target protected mode 
environment, the VMCS to store state information related to the original protected mode 
environment. 



Docket No. 42P17827 









4. Prior to October 1, 2003, I completed an Invention Disclosure (Exhibit A) describing
the invention and submitted the invention disclosure to the legal department of Intel

5. After receipt and review of the Invention Disclosure, the legal department of Intel
Corporation decided to proceed with the preparation of a patent application and
requested that Blakely, Sokoloff, Taylor & Zafman LLP prepare and file a patent
application on the subject matter set forth in Exhibit A.

6. Thereafter, the above-identified patent application was prepared with due diligence
and filed on March 31, 2004.

We hereby declare that all statements made herein of my own knowledge are true and that
the statements made on information and belief are believed to be true; and further that these
statements were made with the knowledge that willful false statements and the like so made are
punishable by fine or imprisonment, or both, under section 1001 of Title 18 of the United States
Code, and that such willful false statements may jeopardize the validity of the application or any
patent thereon.



Date: 
EXHIBIT A




DATE:

INVENTION DISCLOSURE

(PROVIDE SAME INFORMATION AS ABOVE FOR EACH ADDITIONAL INVENTOR)

5. Stage of development




If YES, was the manuscript submitted for pre-publication approval through the Author Incentive Program;
If YES, please identify the publication and the date published:




6b. Has the invention been used/sold or planned to be used/sold by Intel or others
product. 





6c. Does this invention relate to technology that is or will be covered by a SIG (special interest group)/standard or specification? 




6d. If the invention is embodied in a semiconductor device, actual or anticipated date of tapeout?

6e. If the invention is software, actual or anticipated date of any beta tests outside Intel:



7. Was the invention conceived or constructed in collaboration with anyone other than an Intel blue badge employee
or in performance of a project involving entities other than Intel (e.g. government, other companies, universities
or consortia)?

8. Is this invention related to any other invention disclosure that you have recently submitted? If so, please



title and 



PLEASE READ AND FOLLOW THE DIRECTIONS ON
HOW TO WRITE A DESCRIPTION OF YOUR INVENTION 

Try to limit your description to 2-3 pages 
Do NOT attach a presentation, white paper, or specification 
ANSWER ALL OF THE QUESTIONS BELOW 

Please provide a description of the invention and include the following information: 

1. Describe in detail what the components of the invention are and how the invention works. 

Background: 

LaGrande Technology (LT) Virtual Machine Extension (VMX) adds processor support for IA-32 virtual machines 
on IA-32 processors. Monitor software uses VMX to create one or more IA-32 virtual machines. Guest software 
(e.g. operating systems, device drivers, applications) may run unmodified inside an IA-32 virtual machine. Certain 
guest events, instructions and situations trap to the monitor, allowing the monitor to present the guest software 
with a processor abstraction. A trap from the guest to the monitor is referred to as a VMEXIT. A new instruction, 
VMCALL, allows the guest software to force a VMEXIT to the monitor. The monitor may resume the guest with 
the VMRESUME or VMLAUNCH instructions - this transition is referred to as a VMENTER. 

The transitions between the monitor and the guest software are controlled by the Virtual Machine Control 
Structure (VMCS). This structure stores the guest state, the monitor state, and various control registers which 
determine which guest events trap to the monitor and what state is loaded and stored on VMEXIT and what state 
is loaded on VMENTER. For example, on VMEXIT guest state is stored to the guest state area of the VMCS and 
monitor state is loaded from the monitor state area of the VMCS. On VMENTER the guest state is restored from 
the guest state area in the VMCS. See figure 1. The monitor may read and write fields in the VMCS using the 
VMREAD and VMWRITE instructions. 

VMEXIT and VMENTER transitions switch nearly the entire state of the machine including a new Global 
Descriptor Table Register (GDTR), a new Interrupt Descriptor Table Register (IDTR), control registers (CR0,
CR3, and CR4), EIP, and ESP.



[Figure 1: Virtual Machine Control Structure. The figure shows the Guest State Save Area (on VMEXIT, guest state is saved here; on VMENTER, guest state is restored from here) and the Monitor State Save Area.]

Context switching between protected mode environments: 



Switching between two protected mode environments can be partially accomplished using the IA-32
hardware task switch mechanism. The IA-32 hardware task mechanism does not update the Global Descriptor
Table Register (GDTR) or the Interrupt Descriptor Table Register (IDTR). These registers must be saved and
restored by code before or after the task switch. During this code the processor is "in the crack" between the
two environments - the processor contains some state from one environment (e.g. the GDTR) and some state
from the other environment. Faults or interrupts taken while in the crack will not be handled properly. The
following sequence illustrates the problem:



1. Original protected mode environment (O context) is initially operational (with IDTR, GDTR, CR3, and
ESP).

2. O context uses a task switch to switch some processor registers to target Protected Mode environment
(T context). These registers include CR3, ESP.

3. To use the task switch for loading segment registers, special handling needs to be done to ensure that
new segment selector values (loaded by the task switch) are defined properly in the O context GDT.

4. After the task switch is completed, the processor virtual space is changed (by the new CR3), while the
processor GDTR and IDTR still contain virtual addresses of the O context.

5. Any interrupt/exception occurring at this point will result in a triple fault (no IDT to handle the
interrupt/exception).

6. A lot of complicated processing needs to be done after the task switch to change the remaining
processor registers to the T context.



This invention disclosure presents a mechanism with which VMX features can be used to facilitate the
transition between protected mode environments atomically.

Algorithm: Protected Mode Context Switch using VMX Features

The following pseudo code/figure demonstrates the algorithm to perform a complete IA-32 context switch using
LT VMX. The transition is made from the Original Protected Mode State (O context) to the Target Protected Mode
State (T context). A protected mode state is a set of settings for different processor registers including Control
registers (CR0, CR3, CR4), IDTR, GDTR, EIP, and ESP. Note this code assumes the processor is running in
protected mode and has VMX enabled (CR4.VMXE=1).



[Figure 2: VMCS Contents and timeline for context switch.
VMCS contents: Guest State = O Context; Guest EIP = VMCALL Instruction Address; Host State = T Context; Host EIP = VMXOFF Instruction Address. The O Context Code contains the VMCALL instruction; the T Context Code contains the VMXOFF instruction.
Timeline events: O Context executes VMXON; O Context prepares VMCS as in the above figure; O Context executes a VMLAUNCH; O Context executes VMCALL instruction, causing an exit; context is switched, T Context running; T Context executes a VMXOFF.
Phase labels: O Context is host context; O Context is guest context; T Context is host context.]



1. O context executes a VMXON instruction. This puts the processor in root/host VMX operation, allowing
execution of additional VMX instructions. O context is now running as the VMX host.

2. O context allocates memory for a VMCS, performs a VMCLEAR and a VMPTRLD to initialize and make
active the VMCS.

3. O context uses a series of VMWRITE instructions to load the VMCS guest save area with the O context.

4. O context uses a series of VMWRITE instructions to load the VMCS host save area with the T context.
The VMCS guest context area now contains the O context and the host state area contains the T context;
see Figure 2.

5. O context loads the guest EIP field of the VMCS guest save area with the address of a VMCALL
instruction in the O context (as shown in figure 2).

6. O context loads the EIP field of the VMCS host save area with the address of the entry point in the T
context. This first instruction would typically be a VMXOFF instruction.

7. O context executes a VMLAUNCH instruction. This loads the processor with the VMCS guest state area
(which contains the O context).

8. O context, now executing in guest context, executes a VMCALL instruction, forcing a VM-exit.

9. The VM-exit returns the processor to VMX host context, which was prepared to contain the T context.

10. While in T context, the processor executes the VMXOFF instruction and continues executing, now running
with the desired protected mode state (T context).
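
The difference between the task-switch sequence and steps 1-10 can be checked in a small software model (an added example, not part of the original disclosure; it executes no VMX instructions, and the pm_state and vmcs_model types, the function names and all register values are constructed for illustration). It counts the instruction boundaries at which an interrupt would find CR3 and the descriptor-table registers belonging to different contexts.

```c
#include <stdint.h>
#include <stdio.h>
/* Software model only: plain structs stand in for CPU state and the VMCS. */
typedef struct { uint32_t cr0, cr3, cr4, gdtr, idtr, eip, esp; } pm_state;
typedef struct { pm_state guest, host; } vmcs_model;   /* guest/host save areas */
/* Constructed O and T contexts (CR4 has VMXE set); T's EIP is its entry point. */
static const pm_state O_CTX = {0x80000011, 0x00100000, 0x2000, 0xC0001000,
                               0xC0002000, 0xC0100000, 0xC01FF000};
static const pm_state T_CTX = {0x80000011, 0x00200000, 0x2000, 0xE0001000,
                               0xE0002000, 0xE0100000, 0xE01FF000};

/* Descriptor tables are usable only in the address space (CR3) they belong to. */
static int tables_match(const pm_state *cpu, const pm_state *c) {
    return cpu->cr3 == c->cr3 && cpu->gdtr == c->gdtr && cpu->idtr == c->idtr;
}
/* 1 if an interrupt taken now would find a valid GDT/IDT, 0 if "in the crack". */
static int consistent(const pm_state *cpu, const pm_state *o, const pm_state *t) {
    return tables_match(cpu, o) || tables_match(cpu, t);
}

/* Task-switch path: CR3/ESP/EIP change first, then code reloads GDTR and IDTR.
   Returns the number of instruction boundaries with inconsistent state. */
int legacy_switch(pm_state *cpu, const pm_state *o, const pm_state *t) {
    int cracks = 0;
    cpu->cr3 = t->cr3; cpu->esp = t->esp; cpu->eip = t->eip;  /* task switch */
    cracks += !consistent(cpu, o, t);
    cpu->gdtr = t->gdtr;                                      /* LGDT */
    cracks += !consistent(cpu, o, t);
    cpu->idtr = t->idtr; cpu->cr0 = t->cr0; cpu->cr4 = t->cr4; /* LIDT, CRs */
    cracks += !consistent(cpu, o, t);
    return cracks;
}

/* VMX path (steps 3-10): live state only changes by whole-area loads. */
int vmx_switch(pm_state *cpu, const pm_state *o, const pm_state *t,
               uint32_t vmcall_addr) {
    vmcs_model vmcs;
    int cracks = 0;
    vmcs.guest = *o; vmcs.guest.eip = vmcall_addr;  /* steps 3, 5: guest area */
    vmcs.host = *t;                                 /* steps 4, 6: host area  */
    *cpu = vmcs.guest;                              /* step 7: VMLAUNCH       */
    cracks += !consistent(cpu, o, t);
    vmcs.guest = *cpu; *cpu = vmcs.host;            /* steps 8-9: VM exit     */
    cracks += !consistent(cpu, o, t);
    return cracks;                                  /* step 10: VMXOFF        */
}

int main(void) {
    pm_state a = O_CTX, b = O_CTX;
    printf("legacy cracks=%d vmx cracks=%d\n", legacy_switch(&a, &O_CTX, &T_CTX),
           vmx_switch(&b, &O_CTX, &T_CTX, 0xC0100040));
    return 0;
}
```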



2. Describe advantage(s) of your invention over what is currently being done. 

Current methods for switching between two different protected mode environments might use the IA-32 hardware 
task switch, reloading the GDTR or IDTR before or after the task switch. This method puts the processor "in the
crack" between two protected mode environments i.e. the processor state is inconsistent for a short period of
time. Interrupts happening at this time will not be handled correctly. This algorithm does the transition atomically,
thus ensuring a consistent protected mode environment at all times. This improves system reliability and stability.

3. You MUST include at least one figure illustrating the invention. If the invention relates to 
software, include a flowchart or pseudo-code representation of the algorithm.



4. Value of your invention to Intel (how will it be used?). 

This algorithm may be used anytime a programmer wishes to transition from one protected mode environment to 
another. An example of that is starting switching back from Virtual Machine Monitor to one of its guest VMs after 
teardown. 

5. Explain how your invention is novel. If the technology itself is not new, explain what makes it 
different. 

This algorithm performs an atomic mega-task switch using LT VMX. Older methods perform the machine state
transition in several steps. The older method requires mapping the GDT and IDT in both environments at any point
in time while switching between them, this may not be possible if the two environments do not have the same 
virtual address regions free. 

6. Identify the closest or most pertinent prior art that you are aware of. 



7. Who is likely to want to use this invention or infringe the patent if one is obtained and how would 
infringement be detected? 



